Mercurial > hg > nginx
annotate auto/lib/openssl/makefile.bcc @ 9156:36b59521a41c
QUIC: refined sending CONNECTION_CLOSE in various packet types.
As per RFC 9000, section 10.2.3, to ensure that peer successfully removed
packet protection, CONNECTION_CLOSE can be sent in multiple packets using
different packet protection levels.
Now it is sent in all protection levels available.
This roughly corresponds to the following paragraph:
* Prior to confirming the handshake, a peer might be unable to process 1-RTT
packets, so an endpoint SHOULD send a CONNECTION_CLOSE frame in both Handshake
and 1-RTT packets. A server SHOULD also send a CONNECTION_CLOSE frame in an
Initial packet.
In practice, this change allows to avoid sending an Initial packet when we know
the client has handshake keys, by checking if we have discarded initial keys.
Also, this fixes sending CONNECTION_CLOSE when using QuicTLS with old QUIC API,
where TLS stack releases application read keys before handshake confirmation;
it is fixed by sending CONNECTION_CLOSE additionally in a Handshake packet.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 01 Sep 2023 20:31:46 +0400 |
parents | d620f497c50f |
children |
rev | line source |
---|---|
2838
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
1 |
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
2 # Copyright (C) Igor Sysoev |
4412 | 3 # Copyright (C) Nginx, Inc. |
2838
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
4 |
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
5 |
2846
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
6 all: |
2838
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 cd $(OPENSSL) |
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 |
3488
92378c49456d
MSVC8 compatibility with OpenSSL 1.0.0
Igor Sysoev <igor@sysoev.ru>
parents:
2846
diff
changeset
|
9 perl Configure BC-32 no-shared --prefix=openssl $(OPENSSL_OPT) |
2838
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 |
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 ms\do_nasm |
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
12 |
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 $(MAKE) -f ms\bcb.mak |
2846
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
14 $(MAKE) -f ms\bcb.mak install |
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
15 |
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
16 # Borland's make does not expand "[ch]" in |
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
17 # copy "inc32\openssl\*.[ch]" "openssl\include\openssl" |
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
18 copy inc32\openssl\*.h openssl\include\openssl |